Firewall Wizards mailing list archives

RE: Proxy 2.0 secure?


From: "Choi, Byoung" <bchoi () visa com>
Date: Fri, 26 Jun 1998 11:49:18 -0700

Besides the size, the NT protocol stack is substantially less mature than
Unix code - it often kills the machine when it receives malformed
packets, particularly faulty IP fragments (I don't know what new fixes
MS came out with, but last time I tried - a couple of weeks ago - I found
at least three types of hacks generating malformed packets that knocked
out NT boxes with all the patches available from MS). Such malformed
packets can be generated by mistakes by other hosts, not necessarily
with malicious intent, and, in order to call the NT protocol stack a
working piece of code, it must handle these degenerates properly, at
least not killing the machine.
(Just to note, I had "hardened" the NT box by taking out just about all
NT-specific services, with only the TCP/IP protocol, and all ports disabled
except a few open for dedicated application purposes. The machine
choked even when the degenerate packets were addressed to ports that
were supposedly "disabled"!)

I ran the same test against Unix boxes, and they didn't budge - not
surprising, since they have had decades to sort out these little bugs. The same
buggy problem afflicts Linux, which is also relatively new like NT, but
with its source being open, bug reports and fixes come out much quicker
than those for NT, and you can examine for yourself that the fix is a
real fix, not a band-aid solution, with the open source (and open patch
as well).

With the proxy running on NT, it wouldn't matter how good the proxy code
is if the underlying OS chokes up. If you are security/availability
conscious, it would be a good idea to keep NT boxes outta net segments
exposed to the Net. I heard that MS bought reliable, time-tested
source for the protocol stack from a third party for their NT release 5, and
perhaps the buggy protocol stack problem will be less of an issue with NT 5,
but until then, I would keep NT boxes out of the Net if I want them to stay
up and be useful.

b-
        ----------
        From:  Mark Horn [ Net Ops ]
        Sent:  Thursday, June 25, 1998 6:53 AM
        To:  Gillian Steele
        Cc:  Stout, Bill; Firewall-wizards
        Subject:  Re: Proxy 2.0 secure?

        Gillian Steele says:
        >Personally, I'm willing to put my faith in those magazines that actually do
        >real-world testing, to back up their claims, and the claims of Data
        >Communications about the "soundness" of the NT-based Firewalls, including
        >MSP 2.0 seem sound enough to me.

        NT is a pretty big operating system that is tied to its very big user
        interface. That's a *LOT* of code containing a number of bugs
        commensurate with the code's size. Bellovin's "Fundamental Theorem of
        Firewalls" says that's a problem. The idea is that since all code has
        bugs, the best way to reduce bugs (i.e. security holes) in a firewall is
        to run the firewall with the least amount of code possible. It is
        exceedingly difficult to do that with NT.

        So, from my perspective, it doesn't matter what firewall software is
        running on NT. It will always be more susceptible to bugs than equivalent
        software running on a trimmed-down Unix. Until you can remove the bloated
        GUI from NT, you're stuck with its known and unknown bugs - all of which, on
        a firewall, are security holes.

        -- 
        Mark Horn <mhornNOSPAM () nospam funb com>

        PGP Public Key available at: http://www.es.net/hypertext/pgp.html
        PGP KeyID/fingerprint: 00CBA571/32 4E 4E 48 EA C6 74 2E 25 8A 76 E6 04 A1 7F C1

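[Editor's added example, not part of the thread above and not code from either poster or from any NT, Unix or Linux stack.] Choi's point is that a protocol stack must treat degenerate fragments as input to be rejected, not as data to be trusted. The following hypothetical IPv4 fragment reassembler shows what that looks like: every field is bounds-checked against the limits the IP header actually allows (13-bit offset in 8-byte units, 16-bit total length), overlapping or out-of-place fragments discard the datagram instead of patching reassembly state, and a per-datagram fragment cap bounds the state a remote host can force. The class and function names, the 64-fragment cap, and the fragment trains in the test are assumptions constructed for this illustration; fragment timeouts and a global state limit, which a real stack also needs, are omitted.

```python
# Added illustration: a bounds-checked IPv4 fragment reassembler.
# Hypothetical code written for this page, not taken from any real stack.
# The point is that each degenerate case is rejected explicitly, so a bad
# fragment can at worst cost one datagram, never the machine.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

IPV4_MAX_TOTAL_LENGTH = 65535       # 16-bit total length field
IPV4_MIN_HEADER_LENGTH = 20         # header without options
MAX_FRAGMENT_OFFSET_UNITS = 0x1FFF  # 13-bit offset field, in 8-byte units
MAX_FRAGMENTS_PER_DATAGRAM = 64     # assumed resource bound for this example


class DegenerateFragment(ValueError):
    """A fragment no correct sender produces; the whole datagram is dropped."""


@dataclass(frozen=True)
class Fragment:
    ident: int          # IP identification field
    offset_units: int   # fragment offset field, in 8-byte units
    more: bool          # MF flag
    payload: bytes


@dataclass
class _Partial:
    pieces: List[Tuple[int, int, bytes]] = field(default_factory=list)
    total: Optional[int] = None   # payload length once the last fragment is seen


class Reassembler:
    def __init__(self) -> None:
        self._partial: Dict[int, _Partial] = {}

    def add(self, frag: Fragment) -> Optional[bytes]:
        """Return the reassembled payload when complete, else None.

        Raises DegenerateFragment (and forgets the datagram) on bad input.
        """
        try:
            return self._add(frag)
        except DegenerateFragment:
            self._partial.pop(frag.ident, None)   # discard, don't try to repair
            raise

    def _add(self, frag: Fragment) -> Optional[bytes]:
        if not 0 <= frag.offset_units <= MAX_FRAGMENT_OFFSET_UNITS:
            raise DegenerateFragment("offset does not fit the 13-bit field")
        start = frag.offset_units * 8
        end = start + len(frag.payload)
        if frag.more and len(frag.payload) == 0:
            raise DegenerateFragment("zero-length non-final fragment")
        if frag.more and len(frag.payload) % 8:
            raise DegenerateFragment("non-final fragment not a multiple of 8 bytes")
        if end + IPV4_MIN_HEADER_LENGTH > IPV4_MAX_TOTAL_LENGTH:
            raise DegenerateFragment("fragment extends past the 16-bit total length")

        part = self._partial.setdefault(frag.ident, _Partial())
        if len(part.pieces) >= MAX_FRAGMENTS_PER_DATAGRAM:
            raise DegenerateFragment("too many fragments for one datagram")
        for s, e, p in part.pieces:
            if (s, e, p) == (start, end, frag.payload):
                return None                       # exact retransmit: ignore
            if start < e and s < end:
                raise DegenerateFragment("fragment overlaps data already received")
        if frag.more:
            if part.total is not None and end > part.total:
                raise DegenerateFragment("fragment beyond the final fragment")
        else:
            if part.total is not None:
                raise DegenerateFragment("second final fragment")
            if any(e > end for _, e, _ in part.pieces):
                raise DegenerateFragment("earlier fragment beyond the final fragment")
            part.total = end
        part.pieces.append((start, end, frag.payload))
        return self._finish(frag.ident, part)

    def _finish(self, ident: int, part: _Partial) -> Optional[bytes]:
        if part.total is None:
            return None
        pos = 0
        for s, e, _ in sorted(part.pieces):   # no overlaps, so s >= pos here
            if s != pos:
                return None                   # hole: keep waiting
            pos = e
        if pos != part.total:
            return None
        del self._partial[ident]
        return b"".join(p for _, _, p in sorted(part.pieces))


def feed(fragments: List[Fragment]) -> Tuple[str, Optional[bytes]]:
    """Run a constructed fragment train through a fresh Reassembler."""
    r = Reassembler()
    data = None
    try:
        for frag in fragments:
            data = r.add(frag)
    except DegenerateFragment as exc:
        return f"rejected: {exc}", None
    return ("complete" if data is not None else "incomplete"), data


if __name__ == "__main__":
    first = Fragment(1, 0, True, b"A" * 16)          # constructed sample train
    last = Fragment(1, 2, False, b"B" * 5)
    print(feed([first, last]))
    print(feed([first, Fragment(1, 1, True, b"C" * 16)]))   # overlap
    print(feed([Fragment(2, 0x1FFF, False, b"D" * 8)]))     # past 65535
```

The policy choice worth noting is in `add`: any overlap other than an exact retransmit throws the whole datagram away rather than trying to splice the pieces. Splicing is where reassembly code historically gets its length arithmetic wrong; discarding costs one datagram from a broken or hostile sender and nothing else.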